GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
36 advisories
XXE vulnerability in Jenkins Flaky Test Handler Plugin
High
CVE-2022-28140
was published
for
org.jenkins-ci.plugins:flaky-test-handler
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin
High
CVE-2022-29050
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text
High
CVE-2018-1000403
was published
for
com.amazonaws:codedeploy
(Maven)
May 13, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
High
CVE-2022-29049
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
Remote Code Execution in Apache Flume
High
CVE-2022-25167
was published
for
org.apache.flume.flume-ng-sources:flume-jms-source
(Maven)
Jun 15, 2022
Jetty vulnerable to exposure of sensitive information due to observable discrepancy
High
CVE-2017-9735
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
High
CVE-2021-37137
was published
for
io.netty:netty
(Maven)
Sep 9, 2021
Information Exposure in Netty
High
CVE-2015-2156
was published
for
io.netty:netty
(Maven)
Jun 30, 2020
Bzip2Decoder doesn't allow setting size restrictions for decompressed data
High
CVE-2021-37136
was published
for
io.netty:netty
(Maven)
Sep 9, 2021
Unsafe Deserialization in jackson-databind
High
CVE-2020-24750
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Dec 9, 2021
Path Traversal in Jenkins Warnings Next Generation Plugin
High
CVE-2022-23107
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Jan 21, 2022
CSRF vulnerability in Jenkins autonomiq plugin
High
CVE-2022-25194
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Sandbox Bypass in Script Security Plugin
High
CVE-2019-1003005
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin
High
CVE-2019-10327
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Plaintext password storage in Jenkins InfluxDB Plugin
High
CVE-2019-10329
was published
for
org.jenkins-ci.plugins:influxdb
(Maven)
May 24, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2022-25174
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-25173
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High
CVE-2022-20619
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
OS command execution vulnerability in Jenkins Docker Commons Plugin
High
CVE-2022-20617
was published
for
org.jenkins-ci.plugins:docker-commons
(Maven)
Jan 13, 2022
Incorrect Authorization in Jenkins Core
High
CVE-2023-27899
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Cross-site Scripting vulnerability in Jenkins
High
CVE-2023-27898
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Denial of service in Jenkins Core
High
CVE-2023-27901
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
High
CVE-2013-1777
was published
for
org.apache.geronimo.framework:geronimo-jmx-remoting
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API